sectoprat | 1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202 | Triage

Submit
Reports

Overview

overview

Static

static

3

1cefb6e387...2N.exe

windows7-x64

1cefb6e387...2N.exe

windows10-2004-x64

Sharing

General

Target

1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202N
Size

3.2MB
Sample

241021-x55e8ssblc
MD5

43ea2e8224f20e16c652c6a831864fa0
SHA1

4a2f52d5d286e40f1e920c8359d5410b974b3ac6
SHA256

1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202
SHA512

21ccea5a109964d0161ef447f8dc2304229e5cea24dfe9bbbab038dd7a8d51aff6a75e63e697d96be249b6a65ae4e6f86f3f93555fde528e8176a258d656cb01
SSDEEP

49152:k1hZX5SoqzWBLxMvFTjzuP07gs4u7dWen2U2d3DOalWi2tlE/D8Z6XlQxLtEe+U:ehhBLxUvtk5u7pnX2d3DvytlEbZ6

Score

10^/10

sectoprat discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202N.exe

Resource

win7-20240729-en

sectoprat discovery rat trojan

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202N.exe

Resource

win10v2004-20241007-en

sectoprat discovery rat trojan

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202N
- Size
  
  3.2MB
- MD5
  
  43ea2e8224f20e16c652c6a831864fa0
- SHA1
  
  4a2f52d5d286e40f1e920c8359d5410b974b3ac6
- SHA256
  
  1cefb6e3871357bd629d39e4533a04c19ad3418807eae9487d5fb8c28bdfc202
- SHA512
  
  21ccea5a109964d0161ef447f8dc2304229e5cea24dfe9bbbab038dd7a8d51aff6a75e63e697d96be249b6a65ae4e6f86f3f93555fde528e8176a258d656cb01
- SSDEEP
  
  49152:k1hZX5SoqzWBLxMvFTjzuP07gs4u7dWen2U2d3DOalWi2tlE/D8Z6XlQxLtEe+U:ehhBLxUvtk5u7pnX2d3DvytlEbZ6
Score

10^/10

sectoprat discovery rat trojan
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

sectopratdiscoveryrattrojan

behavioral2

sectopratdiscoveryrattrojan

© 2018-2025

Terms | Privacy